9. Authentication

So far, we've been talking about what it takes to build and break secure systems. We started with our own personal view of what secure means: Does the system remain correct? We then went on with common implementation blunders that cause insecurity, the building block of symmetric-key cryptography and how it can be attacked, and the building block of public-key cryptography and how it can be attacked.

But talking about secure systems makes sense only when there's a possibility of more than one player involved. We now consider the issue of authentication. The systems we're interested in building typically consist of many kinds of entities—people, machines, programs on machines, data—distributed across space and time. This structure ...

Get The Craft of System Security now with the O’Reilly learning platform.
